Commit ebffeb3e authored by Petri Hintukainen's avatar Petri Hintukainen

Sanity check partition map sizes

Fix possible OOB read (corrupt input)
parent 65765bef
......@@ -599,6 +599,11 @@ static int _parse_udf_partition_maps(udfread_block_input *input,
/* ECMA 167 Type 1 partition map */
if (len != 6) {
udf_error("invalid type 1 partition map length %d\n", (int)len);
break;
}
ref = _get_u16(map + 4);
udf_log("partition map: %u: type 1 partition, ref %u\n", i, ref);
......@@ -619,6 +624,11 @@ static int _parse_udf_partition_maps(udfread_block_input *input,
/* Type 2 partition map, UDF 2.60 2.2.18 */
if (len != 64) {
udf_error("invalid type 2 partition map length %d\n", (int)len);
break;
}
struct entity_id type_id;
decode_entity_id(map + 4, &type_id);
if (!_check_domain_identifier(&type_id, meta_domain_id)) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment